SSL Web Proxy - DrayTek Corp - Headquarters of DrayTek Vigor IP
SSL Web Proxy
The Vigor2930, Vigor2950 and VigorPro 5500/5510 series routers support an SSL Web Proxy function that lets users securely access many servers over the Internet. We provide a general user application as a reference, including a case description and the configuration of the Web interface. This feature supports two modes: Secured Port Redirection mode and SSL mode. Please refer to the following introduction to the related application and configuration.
Introduction
Generally, to access an internal web server that is behind a NAT router, you have the following two methods:
1. Open relevant ports (Usually TCP 80) on the router.
2. Connect a traditional VPN tunnel (PPTP, L2TP or IPSec) to the router.
Drawbacks of the above methods:
1. If the web server contains private or restricted information that only authorized users may access, an open port is a potential security hole for hackers to exploit for invasion or file transfer. In this case, most administrators choose not to open a port.
2. There are many blocking issues affecting VPN connections, such as GRE port blocking or ESP/AH port blocking, and there are many IPSec NAT incompatibility problems. So if you are on a business trip, it frequently happens that you cannot connect a VPN to your company's router because of the router/firewall in the hotel, airport, etc.
Advantages of SSL Web proxy
Secured Port Redirection mode: It works like Open Port, but the port opened by the router is random and temporary. The random port is opened when the session is established and closed when the connection is dropped.
SSL mode: It uses HTTPS to establish a secure connection. Typical port blocking is less of a problem, and there is no NAT incompatibility problem. No static IPs are required, and a VPN client is unnecessary.
Application Note (Secured Port Redirection mode)
Figure 1
OTRS is a working system that only the Support department is permitted to access. Gforge is another system that the Support, Sales, R&D and other departments are permitted to access. Both systems are based on web services. User A belongs to the Support department, and User B belongs to the Sales department. They are on business trips and need to access the systems from the Internet.
Configurations on the Router:
1. Go to the SSL VPN >> SSL Web Proxy page and set up two entries.
2. Enter the following:
·Enter a name for the OTRS system.
·If the web server can be accessed directly by IP address, you may enter the URL in the format http://ip/directory in the URL field. Here it is http://172.17.1.40/login.pl
·If you have entered an IP address in the URL field, you do not need to set the Host IP Address field. In fact, you will find it is grayed out.
·Select "Secured Port Redirection".
3. Enter the following:
·Enter a name for the Gforge system.
·If the web server can only be accessed by domain name, you have to enter the URL in the format http://domain_name/directory in the URL field. Here it is http://swm.gforge.com
·Enter the IP address of the web server in the Host IP Address field